Date: Wed, 15 Dec 93 10:32:58 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V4#007
Computer Privacy Digest Wed, 15 Dec 93 Volume 4 : Issue: 007
Today's Topics: Moderator: Leonard P. Levine
Re: Gun Control/Registration/Confiscation
Re: Gun Control/Registration/Confiscation
Re: Right To Search Floppy Disks?
Re: Right To Search Floppy Disks?
Re: Cellular Phone Security
Re: Cellular Phone Security
Re: Cellular Phone Security
Re: Cellular Phone Security
Re: Cellular Phone Security
Re: Cellular Phone Security
Re: Cellular Phone Security
Re: Encryption At School
Re: Encryption At School
e-Mail privacy
Connecticut License and SSN
LA Times Electronic Privacy
The Computer Privacy Digest is a forum for discussion on the effect
of technology on privacy. The digest is moderated and gatewayed into
the USENET newsgroup comp.society.privacy (Moderated). Submissions
should be sent to comp-privacy@uwm.edu and administrative requests
to comp-privacy-request@uwm.edu. Back issues are available via
anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp"
with password "yourid@yoursite". The archives are in the directory
"pub/comp-privacy". Archives are also held at ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
from: vivo@hardy.u.washington.edu (The Flying Finn)
Organization: University of Washington, Seattle
Date: 14 Dec 1993 19:18:01 GMT
Subject: Re: Gun Control/Registration/Confiscation
In article <comp-privacy4.6.2@cs.uwm.edu>,
Dave Niebuhr <dwn@dwn.ccd.bnl.gov> wrote:
>And after what happened on the Long Island Railroad on December 7, 1993,
>the Brady Bill has proved worthless. A man got on a train and proceeded
>to kill five people and injure about 20 more. He used a 9mm pistol that
>was purchased legally in California.
>
>So much for a 5-day waiting period. California has a 15-day one and this
>guy checked out clean.
>
Look, nobody ever said the Brady Bill was foolproof. The point is that the
Brady Bill would prevent *some* homicides, not *all* homicides. A determined
stalker is going to get a gun. A less determined stalker - or a temporarily
pissed-off individual - will likely be deterred. If memory serves me
right, the Brady Bill would have saved Jim Brady, Ron Reagan, a D.C.
policeman, and a Secret Service agent from being shot if it had been in
effect when Hinckley bought his guns(Hinckley had had mental problems that
would be flagged by the background check).
=Eric
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: Tue, 14 Dec 1993 14:43:50 -0600 (CST)
Subject: Re: Gun Control/Registration/Confiscation
In Computer Privacy Digest, Volume 4: Issue: 6 mcinnis@vnet.ibm.com
speaking on Gun Control/Registration/Confiscation states:
>Of course, the lesson to be learned here is to move to NY City where the gun
>laws keep the steets free of crime and to avoid lawless areas of the country
>like Texas.
I did a little checking on the data by calling Milwaukee Public
Library's Ready Reference service and found the following:
This is from the Statistical Abstracts:
City Murder/ Overall Crime/
100,000 100,000
Detroit 57 2,899
Dallas 44 2,438
New York City 31 2,384
El Paso 7 992
I guess the media presence in NYC affect the perception we all have.
--
Leonard P. Levine e-mail levine@cs.uwm.edu
Professor, Computer Science Office 1-414-229-5170
University of Wisconsin-Milwaukee Fax 1-414-229-6958
Box 784, Milwaukee, WI 53201
[This strays a bit off of the privacy question so I would like to
terminate this string after one last round. LPL Moderator]
------------------------------
From: jmm@elegant.com (John Macdonald)
Date: Tue, 14 Dec 1993 10:11:20 -0500
Subject: Re: Right To Search Floppy Disks?
> The issue of administators of schools coming to your house for a routine
> search is a joke. You don't have to let anyone in your house unless
> they have a search warrant. Basically your argument that there is
> some kind of legal distinction between police and school administation
> searches is wrong. If the safety of the students in the school is
> in question the police could search every backpack, locker, and purse
> in the whole school without fear of any "legal" reprisals.
There is a difference in the standard to which non-police
and police are held.
While you do not *have* to let anyone into your home without
a search warrant, there is a difference in what can happen
if you *do* let them in. A policeman who searches without a
warrant is liable to have any evidence that they gather be
ruled as inadmissible. However, if they just happen to be
present in a legitimate capacity while a private individual
carries out a search and the officer sees some incriminating
evidence, then they are free to act on that evidence.
(I am not a lawyer, so this interpretation may be subject to
debate, or perhaps out of date. It was originally presented
in fiction written by Erle Stanley Gardner [pseudonym A. A.
Fair] a few decades ago, when the implications of the Miranda
case were being figured out.)
--
That is 27 years ago, or about half an eternity in | John Macdonald
computer years. - Alan Tibbetts | jmm@Elegant.COM
------------------------------
From: jma@ihlpm.att.com
Organization: AT&T
Date: Tue, 14 Dec 93 17:05:26 EST
Subject: Re: Right To Search Floppy Disks?
bitbug@netcom.com (James Buster) writes:
>That is, precisely, the problem. In most(all?) public schools, school
>administrators are government employees. I think that *all* government
>employees should be held to the same standard of conduct as police officers.
>Otherwise you have the current intolerable situation where "Oh, she's not a
>*police officer*, she's an *administrator*.". Just wait until some idiot
>bureaucrat figures this out, and sends administrators to illegally search
>your home: "It's ok, they're not police officers.".
It was a short wait! Where I live the city employs "meter readers" to
go _inside_ each residence once a year to verify that the "water meter"
is accurate. While performing this service these persons are directed to
look for "suspicious" items and report to the police for the "war on ..."
So, it's not an illegal search, its not a search at all, it's just the
meter reader....
--
Ed Schaefer K9JMA ham radio N97178 aviation
------------------------------
From: vivo@hardy.u.washington.edu (The Flying Finn)
Organization: University of Washington, Seattle
Date: 14 Dec 1993 19:26:50 GMT
Subject: Re: Cellular Phone Security
Andrew Grosso <agrosso@world.std.com> wrote:
> Unlike a phone conversation transmitted via a cable-type network,
>a cellular phone from the start transmits its information over the
>airwaves. There is no pretension that the information transmitted is
>physically protected or secure. The means to "tap" or otherwise listen
>to the information is very simple, and widespread: radio receiver type
>devices. By using a cellular phone, one is consenting to having one's
>conversations broadcast to an outside world, a world which has the means
>to listen to those converations. It is similar to using a megaphone to
>transmit your conversations.
Good point, but here is a problem:When I call over a standard fone, the
signal is transmitted(broadcast) to a satellite, then rebroadcast to
earth. Have I sacrificed my privacy by employing the satellite?
What about a network link? My email goes out in the form of packets that
are readable by every machine physically connected to the network. The
netcards or softare on the computers read EVERY packet, and usually
elect to discard packets not addressed to that machine. If they elect to
keep the packets, they get the same message that my correspondent recieves.
Have I surrendured my privacy by plugging a network card into my computer?
I don't dispute what you say, necessarily, but every definition of privacy
has it's problems.
=Eric
------------------------------
From: reed@interval.com (David P. Reed)
Date: Tue, 14 Dec 1993 14:27:28 -0500
Subject: Re: Cellular Phone Security
Andrew Grosso, (expressing what he emphasizes is "his own opinion,") states:
>As a prosecutor, I can tell you that I have much too much work to do (and
>so do all other prosecutors) to prosecute a case against person A for
>listening to person B's conversation when person B decided to use an
>obviously insecure means of communication simply because he or she
>thought it convenient at the time.
I have to pay his salary with my taxes so he can apply his personal
interpretation of the law by refusing to prosecute a clear violation?
Perhaps because I don't choose to avail myself of the option of owning a
gun and using it, he would also refuse to prosecute criminal trespass,
stalking, murder, etc.
Or less extremely, if I fail to remember to lock my car or use a security
device he would deem inadequate for circumstances, he would not prosecute
grand theft auto?
I hope this is yet another hoax.
------------------------------
From: "Dick Murtagh" <dickm@vnet.IBM.COM>
Date: Tue, 14 Dec 93 12:01:36 PST
Subject: Re: Cellular Phone Security
> People who want the law to protect their cellular conversations by
> making the listening-in on such conversations illegal or unlawful are, in
> my opinion, like people who want it made illegal or unlawful for others
> to listen to conversations broadcast by megaphone. Since there is, and
> should be, no expectation of privacy in the means used to transmit the
> information, there should be nothing unlawful about listening in.
Sound logical thinking. I agree whole-heartedly. However, this is the
government we're talking about.
Consider: there are several satellites in geo-synch orbit which continuously
bombard my house with light waves. But if I put up the equipment to look
at that light, I am in violation of the law.
Dick Murtagh
------------------------------
From: tenney@netcom.com (Glenn S. Tenney)
Date: Tue, 14 Dec 1993 14:01:25 -0800
Subject: Re: Cellular Phone Security
agrosso@world.std.com (Andrew Grosso) wrote:
> Unlike a phone conversation transmitted via a cable-type network,
>a cellular phone from the start transmits its information over the
>airwaves. There is no pretension that the information transmitted is
>physically protected or secure. The means to "tap" or otherwise listen
>to the information is very simple, and widespread: radio receiver type
>devices. By using a cellular phone, one is consenting to having one's
>conversations broadcast to an outside world, a world which has the means
>to listen to those converations. It is similar to using a megaphone to
>transmit your conversations. ...
I agree that cellular phone conversations are easily monitored, and that
technical solutions should be used to assure privacy rather than
legislative methods. However, I suggest that you re-read the Electronic
Communications Privacy Act (ECPA) to understand that regardless of how easy
it is to listen to a cellular phone conversation, to do so for law
enforcement purposes requires a court ordered wiretap.
---
Glenn Tenney
tenney@netcom.com Amateur radio: AA6ER
(415) 574-3420 Fax: (415) 574-0546
------------------------------
From: greg@ideath.goldenbear.com (Greg Broiles)
Organization: iDEATH
Date: Tue, 14 Dec 93 17:52:37 PST
Subject: Re: Cellular Phone Security
Andrew Grosso (agrosso@world.std.com) writes:
> If you want privacy, then use a phone which uses cables. There,
> your information is physically secure, and you have a legitimate
> *expectation of privacy* in your converstations. An unauthorized taping
> is therefore properly unlawful.
While I know that the law says something different, I'm not sure that at
a technical level there's so much difference between wire-based and
radio-based transmissions. In large buildings, it's not particularly
unusual for telephone lines to be duplicated, such that one line may be
routed to many apartments; it's only connected to wall-jacks in one, but
the signals the wire carries are available to anyone with a test set or
an inductive pickup any place where there's physical access to the wires.
I prefer to think of our expectation of privacy as based upon a right
to privacy, not an accident of technology. Parabolic microphones make
far-away conversations easy to listen to, just like radio recievers make
radio conversations easy to listen to. Low-light binoculars and rifle
scopes make otherwise private or secret meetings easy to see, even if
the people involved expected otherwise. There are precious few
technological ways to preserve privacy, and they are vulnerable to
encroachment as technology advances.
I'm inclined to disagree with the idea that by using a cellular phone,
one automatically "consents" to having a conversation broadcast to the
world. The broadcasting is (or should be) obvious to anyone who thinks
about it, but I don't think it's accurate to assume that all people who
use cellular phones understand how insecure they are. (Similarly, I
suspect not many people who use wire-based phones understand how easy
it is to tap or listen in on one.)
The other side of the "consent" issue concerns a party using a wire-based
phone, who unknowingly talks with a person using a cellular phone. Their
comments are also being broadcast, quite possibly without their knowledge
or consent. As cellphone technology improves, it will become harder to
know when we're talking to someone using one.
> What these people are trying to do is to utilize the law in order
> to achieve an unnatural result: one wants privacy, but also wants the
> convenience of using an easy means to communicate which has no privacy.
> As a prosecutor, I can tell you that I have much too much work to do (and
> so do all other prosecutors) to prosecute a case against person A for
> listening to person B's conversation when person B decided to use an
> obviously insecure means of communication simply because he or she
> thought it convenient at the time.
Philosophically, how is this different for declining to prosecute person
A for breaking into person B's house, when it was ridiculously easy to
do so .. or person A for breaking into person B's computer, when the
system was obviously insecure?
I do agree, though, that trying to solve a technological problem (it's
easy to listen to other people's phone calls) with legislation is
a doomed project.
--
Greg Broiles Lemon Detweiler Pledge?
greg@goldenbear.com You're soaking in it.
------------------------------
From: rerodd@eos.ncsu.edu (Richard Roda)
Organization: North Carolina State University, Project Eos
Date: Wed, 15 Dec 1993 03:40:21 GMT
Subject: Re: Cellular Phone Security
agrosso@world.std.com (Andrew Grosso) writes:
> If you want privacy, then use a phone which uses cables. There,
>your information is physically secure, and you have a legitimate
>*expectation of privacy* in your converstations. An unauthorized taping
>is therefore properly unlawful.
One question: what if I recieve a call on my cable phone from a cellular
phone, and the caller does not let me know they are on a cellular phone. Do
*I* forfit my privacy??
--
--
PGP 2.3 Public key by mail | Richard E. Roda <rerodd@eos.ncsu.edu>
Disclaimer--------------------------------------------------------------
| The opinions expressed above are those of a green alien who spoke to |
| me in a vision. They do not necessarily represent the views of NCSU |
| or any other person, dead or alive, or of any entity on Earth. |
------------------------------------------------------------------------
Criminals prefer unarmed victims. Oppose gun control.
Drug Dealers prefer a monopoly. Support legalization of drugs.
------------------------------
From: tim@umcc.umcc.umich.edu (Tim Tyler)
Organization: UMCC, Ann Arbor, MI, USA
Date: 15 Dec 1993 04:04:42 -0500
Subject: Re: Cellular Phone Security
Andrew Grosso <agrosso@world.std.com> wrote:
> Unlike a phone conversation transmitted via a cable-type network,
>a cellular phone from the start transmits its information over the
>airwaves. There is no pretension that the information transmitted is
>physically protected or secure. The means to "tap" or otherwise listen
Except for the user's ignorance & gullability, thanks to the liars in
the CTIA.
>to the information is very simple, and widespread: radio receiver type
>devices. By using a cellular phone, one is consenting to having one's
>conversations broadcast to an outside world, a world which has the means
>to listen to those converations. It is similar to using a megaphone to
>transmit your conversations.
Except that people exhibit intent to listen in on cellular frequencies...
> If you want privacy, then use a phone which uses cables. There,
>your information is physically secure, and you have a legitimate
>*expectation of privacy* in your converstations. An unauthorized taping
>is therefore properly unlawful.
But a good percentage of POTS circuits use microwave-radio signals to
transmit the information between switches, and satellite circuits, too!
Should their be a distinction between the AMPS analog traffic on 800MHz &
the TDMA & FDMA digital traffic on microwave?
I fully agree with you that the relevent parts of the ECPA of 1986
are a joke, & that Congress & the CTIA are to be blamed. As it is, I have
9 or 10 receivers right here that are capable of picking up the cellular
telephone band, & I'm also put in about 20 minutes of air time per month
on my cellular phone.
--
Tim Tyler Internet: tim@ais.org MCI Mail: 442-5735 GEnie: T.Tyler5
P.O. Box 443 C$erve: 72571,1005 DDN: Tyler@Dockmaster.ncsc.mil
Ypsilanti MI AOL: Hooligan Packet Radio: KA8VIR @WB8ZPN.#SEMI.MI.USA.NA
48197 "Celebrate diversity -- get intolerant about something!"
------------------------------
From: kkruse@matt.ksu.ksu.edu (Korey J. Kruse)
Organization: Kansas State University
Date: Tue, 14 Dec 1993 12:27:54 -0600
Subject: Re: Encryption At School
Chris Burris <cburris@cap.gwu.edu> writes:
>I have a question:
>Suppose that I wrote a simple encryption program and
>ran it at school, and the administration searched my disk.
>Could the administration force me to give them the encryption key
>even if i refused?
They could pull out your fingernails until you told them =)
Your school adminstrator could threaten you with punishment if you
refused to supply the key. Using physical force would be illegal.
Of course you could choose to accept the punishment and refuse to give
the key, or better yet you could tell the admin. that you forgot the
key. The latter method could also be used with the police/courts if
they tried to compel you to divulge the information.
------------------------------
From: rerodd@eos.ncsu.edu (Richard Roda)
Organization: North Carolina State University, Project Eos
Date: Wed, 15 Dec 1993 03:38:17 GMT
Subject: Re: Encryption At School
Chris Burris <cburris@cap.gwu.edu> writes:
>I have a question:
>Suppose that I wrote a simple encryption program and
>ran it at school, and the administration searched my disk.
>Could the administration force me to give them the encryption key
>even if i refused?
Heh.. Heh... use a morphic cypher and give them the bogous key. They'll
think you caved and gave them the real info, and you will get them off of
your back.
--
PGP 2.3 Public key by mail | Richard E. Roda <rerodd@eos.ncsu.edu>
Disclaimer--------------------------------------------------------------
| The opinions expressed above are those of a green alien who spoke to |
| me in a vision. They do not necessarily represent the views of NCSU |
| or any other person, dead or alive, or of any entity on Earth. |
------------------------------------------------------------------------
Criminals prefer unarmed victims. Oppose gun control.
Drug Dealers prefer a monopoly. Support legalization of drugs.
------------------------------
From: Sharon Shea <sshea@world.std.com>
Date: Wed, 15 Dec 1993 08:45:32 -0500 (EST)
Subject: e-Mail privacy
What do you think of this invation of e-mail privacy? -
The passwords to my computer were obtained through a trusted student
worker (without my knowledge or consent, by intimidating my student
worker - who later reported the incident to me) and my saved e-mail was
read from my hard drive. This was done at work, by my supervisor. This
was done at MIT, which has no stated policy about the privacy of
personal e-mail on university computers. It's implied, however, that
computers are used for personal use. (A memo went around that told
everyone to be sure private stuff was off their computers before weekly
backup. I'm told this implies that private coresspondence is allowed.)
What's more, my supervisor then copied out my e-mail and passed it
around, in places where it was obviously hoped that it would do me
professional harm.
Does anyone have any suggestions about how to deal with this, or what
legal possibilities I may have in replying to this action? Thanks.
-Sharon
------------------------------
From: dean@world.std.com (Dean S Banfield)
Organization: The World Public Access UNIX, Brookline, MA
Date: Tue, 14 Dec 1993 22:22:34 GMT
Subject: Connecticut License and SSN
Just recently returned from a trip to MVD in CT. TO my dismay they are now
asking for SSN. I tried the 'just say no thank you' (I being one to open
with a polite attitude) approach and was pleasantly surprised to find out
that that was OK by them. My question: If you don't care, and so easily
ignore the question, then why ask for it in the first place? Seems like
gratuitous data collection from the unwary. Opinions, or experiences with
CT MVD?
--
Dean S. Banfield Voice: (203) 656-1500
Real Decisions Corporation FAX : (203) 656-1659
22 Thorndal Circle email: dean@world.std.com
Darien, CT 06820
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: Wed, 15 Dec 1993 08:25:04 -0600 (CST)
Subject: LA Times Electronic Privacy
According to the New York Times The Los Angeles Times has recalled
a foreign correspondent from its Moscow bureau for snooping into the
electronic mail of his colleagues.
The correspondent, Michael Hiltzik, is being reassigned to Los
Angeles as a disciplinary action. The report describes email and
discusses the question of privacy including comments that there is
no clear policy regarding internal email.
The article states that he was caught reading the electronic mail
of another Moscow correspondent in a sting operation set up by the
paper.
Correspondents in Moscow became suspicious when they discovered
that their passwords had been entered into the computer system at
times when they had not been using the computer according to the
article.
It is not report how Hiltzik obtained the passwords necessary for
him to gain access to his colleagues' electronic mail.
--
Leonard P. Levine e-mail levine@cs.uwm.edu
Professor, Computer Science Office 1-414-229-5170
University of Wisconsin-Milwaukee Home 1-414-962-4719
Box 784, Milwaukee, WI 53201 Fax 1-414-229-6958
------------------------------
End of Computer Privacy Digest V4 #007
******************************
.